(params: GetCredentialsParams, context?: { userId: string })
| 18 | export const getCredentialsServerTool: BaseServerTool<GetCredentialsParams, any> = { |
| 19 | name: 'get_credentials', |
| 20 | async execute(params: GetCredentialsParams, context?: { userId: string }): Promise<any> { |
| 21 | const logger = createLogger('GetCredentialsServerTool') |
| 22 | |
| 23 | if (!context?.userId) { |
| 24 | logger.error('Unauthorized attempt to access credentials - no authenticated user context') |
| 25 | throw new Error('Authentication required') |
| 26 | } |
| 27 | |
| 28 | const authenticatedUserId = context.userId |
| 29 | |
| 30 | let workspaceId: string | undefined |
| 31 | |
| 32 | if (params?.workflowId) { |
| 33 | const { hasAccess, workspaceId: wId } = await verifyWorkflowAccess( |
| 34 | authenticatedUserId, |
| 35 | params.workflowId |
| 36 | ) |
| 37 | |
| 38 | if (!hasAccess) { |
| 39 | const errorMessage = createPermissionError('access credentials in') |
| 40 | logger.error('Unauthorized attempt to access credentials', { |
| 41 | workflowId: params.workflowId, |
| 42 | authenticatedUserId, |
| 43 | }) |
| 44 | throw new Error(errorMessage) |
| 45 | } |
| 46 | |
| 47 | workspaceId = wId |
| 48 | } |
| 49 | |
| 50 | const userId = authenticatedUserId |
| 51 | |
| 52 | // Resolve workspace access once and thread it into both credential lookups |
| 53 | // below; each would otherwise re-resolve the same workspace-admin status. |
| 54 | const workspaceAccess: WorkspaceAccess | undefined = workspaceId |
| 55 | ? await checkWorkspaceAccess(workspaceId, userId) |
| 56 | : undefined |
| 57 | |
| 58 | logger.info('Fetching credentials for authenticated user', { |
| 59 | userId, |
| 60 | hasWorkflowId: !!params?.workflowId, |
| 61 | }) |
| 62 | |
| 63 | // Fetch OAuth credentials |
| 64 | const accounts = await db.select().from(account).where(eq(account.userId, userId)) |
| 65 | const userRecord = await db |
| 66 | .select({ email: user.email }) |
| 67 | .from(user) |
| 68 | .where(eq(user.id, userId)) |
| 69 | .limit(1) |
| 70 | const userEmail = userRecord.length > 0 ? userRecord[0]?.email : null |
| 71 | |
| 72 | // Get all available OAuth services |
| 73 | const allOAuthServices = getAllOAuthServices() |
| 74 | |
| 75 | // Track connected provider IDs |
| 76 | const connectedProviderIds = new Set<string>() |
| 77 |
nothing calls this directly
no test coverage detected